In traditional time division multiplex (TDM) networks, voice may be transmitted mostly “in cleartext”, i.e. without any cryptographic protection like encryption, as traditional TDM networks were considered to be secure enough for the needs of the vast majority of users.
If voice or, more generally, multimedia communication is transmitted over packet networks, e.g. IP based networks like the Internet, the security aspect may differ: It is considered much more likely that communication may be eavesdropped, e.g. at WLAN hotspots, or by a person or entity having gained control over any infrastructure component in a media path, e.g. a router or switch within an IP based network.
So, it may be considered to apply cryptographic protection to media communication over packet networks. From a user perspective, the protection should be end-to-end (e2e), i.e. the cryptographic protocol should run between the communicating endpoints, with no network element in-between accessing the cleartext of the communication.
In many cases however, there may be a need for access to the cleartext, e.g. in case of transcoding of the media e.g. in order to transport media over specific network sections. Subscribers may trust their multimedia service provider (SP) to perform such necessary operations. In that case, the SP may require knowledge e.g. of cryptographic parameters such as keys used for encryption and/or integrity protection. Therefore, key management protocols may be used that perform the key exchange by usage of signaling message elements such that the encryption keys are visible to the network elements (NWEs) in the network that process the signaling messages (called “signaling relays” in the following). Examples of such key exchange protocols used for multimedia security over IP networks are SDP security descriptions (SDES) or MIKEY-NULL that can be used to establish keys for a secure real time transport protocol (SRTP) which may be designed for securing multimedia communication based on the real time transport protocol (RTP).
When using such protocols, signaling may be protected during transport between endpoints and signaling relays or between signaling relays against eavesdropping by third parties. Such protection of the signaling messages can be performed by running e.g. a cryptographic protocol between each pair of entities that exchange signaling messages. For example, if SIP is used for signaling, the cryptographic protocol may be IP secure (IPsec) encapsulating security payload (ESP) or transport layer security (TLS).
Another reason why e2e security for the multimedia communication may not be possible is that it cannot be expected that all end user equipment acting as communication endpoint will support the respective mechanisms. In fact, devices used for such multimedia communication may not be capable of supporting the above mechanisms.
In particular, the connection between an end user and a multimedia core network over a so called “access network” may be exposed to attacks (e.g. if WLAN or wire-line shared media techniques are used in the access network). So, it may be reasonable to secure the multimedia communication at least over the access network, providing what is called end-to-middle (e2m) security in the following.
In consideration of the above, according to examples of the present invention, methods, apparatuses and a related computer program product for network security are provided.
In this connection, the examples of the present invention enable one or more of the following:                Establishing optimum media security range of protection (e2e being better than e2m being better than no security) for a media stream in an efficient way: user A of a multimedia communication service wants to apply media security to a multimedia session he is going to establish with another user B. Media security mechanisms are supported by the endpoint used by A. A's service provider generally supports media security mechanisms and, for each individual media stream, may or may not be willing and able to terminate media security within the multimedia core network. User A does not know whether user B's endpoint is able to support media security. User A wants to set up e2e security in case user B's endpoint supports this and to set up e2m security otherwise. User A may even be willing to perform unsecured communication, if A's service provider should be unable to provide e2m security for a particular multimedia stream. Moreover, when the session is established, A may have information on what type of security is provided: e2e, e2m or none at all;        Distinguishing between e2e and e2m security;        No requirement for an enhancement of the registration procedure (e.g. SIP REGISTER message)        Making use of all media security variants, e.g. end-to-middle (e2m) security, by endpoints being capable of media security but not being capable of the enhanced registration procedure;        Ensuring optimal security, i.e. e2m security only if e2e security is impossible, or no security only if e2m security is impossible: when an endpoint A requests the setup of a secured media stream, there may be no way for the network serving endpoint A (i.e. the network of A's multimedia service provider) to find out what the media security capabilities of the other endpoint are. This could e.g. be the case, if the other endpoint is served by another network;        Enabling an endpoint to request for different ranges of protection;        Establishing e2e security whenever supported;        Establishing, in case e2e security is not supported, e2m security if it is supported, and only in the worst case, no security is established at all;        Establishing security even in cases where signaling/media relay (SMR) A cannot support security termination/origination (which may be a temporary condition, e.g. overload with respect to crypto-processing), by not declining requests to set up “e2m security at least” in this case but rather trying to establish e2e security (only if this fails, the media stream set up fails altogether);        Providing an endpoint that requested the establishment of a media stream with an indication on the protection range that is provided for this media stream;        Enabling an efficient mechanism, as only a few or no additional signaling elements are required and no additional exchanges of signaling messages is introduced;        Enabling an efficient and robust mechanism, as no support by relays other than SMRA is required (Legacy relays not being able to process the indicated protection range can ignore it and pass it on unchanged. Even if the remote endpoint does not support the mechanism, still the best possible protection range will be established);        Independency of the procedure for establishing optimum security from how and whether the achieved protection range is indicated to the endpoint;        